FastAPI cookie login question #25

CJRockball · 2023-11-09T02:14:47Z

CJRockball
Nov 9, 2023

Hi Sam,

I worked through your blog How to create a FastAPI Web App with authentication, which is awesome by the way, but there is one thing I don't understand.

The endpoint/function,

@app.post("token")
def login_for_access_token(
    response: Response, 
    form_data: OAuth2PasswordRequestForm = Depends()
) -> Dict[str, str]:

Can be called in two different cases. From a login, where it's called directly with username and password in form_data. It can also be called from a secured endpoint, i.e. "/private", through a dependency. The private endpoint first has a dependency "get_current_user_from_token" which in turn injects "oauth2_scheme" which calls the tokenUrl "token".

I've looked through the OAuth classes but, what I don't understand is how "token" gets the form_data in from a secured endpoint. Username and Password is not stored (except username in the token) so where do these come from?

Best regards,
Patrick Carlberg

Answered by CJRockball

Nov 9, 2023

I get it....the OAuth2PasswordBearerWithCookie class looks for 'bearer'. It intercepts before it goes to 'token'?

View full answer

CJRockball · 2023-11-09T02:43:36Z

CJRockball
Nov 9, 2023
Author

I get it....the OAuth2PasswordBearerWithCookie class looks for 'bearer'. It intercepts before it goes to 'token'?

1 reply

SamEdwardes Nov 14, 2023
Maintainer

Thanks for the question! I will try to add some more context as well.

SamEdwardes · 2023-11-16T23:24:07Z

SamEdwardes
Nov 16, 2023
Maintainer

Hi @CJRockball, thanks for reading my blog post and asking the question :) The best explanation can be found on the FastAPI docs: https://fastapi.tiangolo.com/tutorial/security/simple-oauth2/#code-to-get-the-username-and-password. I will take a stab at explaining.

The token endpoint is responsible for getting the username and password. If they match the correct values, it will then set the cookie so that all future requests have the JWT.

1 reply

SamEdwardes Nov 16, 2023
Maintainer

I also find it confusing that Depends() takes no arguments. That is a "shortcut" in FastAPI: https://fastapi.tiangolo.com/tutorial/dependencies/classes-as-dependencies/?h=depends#shortcut.

For example, this...

@app.post("token")
def login_for_access_token(
    response: Response, 
    form_data: OAuth2PasswordRequestForm = Depends()
) -> Dict[str, str]:

Is the same as this...

@app.post("token")
def login_for_access_token(
    response: Response, 
    form_data: OAuth2PasswordRequestForm = Depends(OAuth2PasswordRequestForm)
) -> Dict[str, str]:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FastAPI cookie login question #25

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

FastAPI cookie login question #25

Uh oh!

Uh oh!

CJRockball Nov 9, 2023

Replies: 2 comments · 2 replies

Uh oh!

CJRockball Nov 9, 2023 Author

Uh oh!

SamEdwardes Nov 14, 2023 Maintainer

Uh oh!

SamEdwardes Nov 16, 2023 Maintainer

Uh oh!

SamEdwardes Nov 16, 2023 Maintainer

CJRockball
Nov 9, 2023

Replies: 2 comments 2 replies

CJRockball
Nov 9, 2023
Author

SamEdwardes Nov 14, 2023
Maintainer

SamEdwardes
Nov 16, 2023
Maintainer

SamEdwardes Nov 16, 2023
Maintainer